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DECISION ON APPEAL 

This is a decision on the appeal from the final rejection of 
claims 1-26, which are all of the claims pending in the present 
application. " ^ " 

The disclosed invention relates to a system and method for 
implementing a computer network firewall by applying a security 
policy represented by a set of access rules for a given 
communication packet. 
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Claim 1 is illustrative of the invention and reads as 
follows : 

1. A method for validating a packet in a computer network, 
comprising the steps of: 

deriving a session key for said packet; 

selecting at least one of a plurality of security 
policies as a function of the session key; and 

using the selected at least one of the security 
policies in validating said packet. 

The Examiner relies on the following prior art: 
Shwed 5,606, 668 Feb. 25, 1997 

Claims 1-26, all of the appealed claims, stand finally 
rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Shwed. 

Rather than reiterate the arguments of Appellants and the 
Examiner, reference is made to the Briefs, 1 the final Office 
action, and Answer for the respective details. 

OPINION 

We have carefully considered the subject matter on appeal, 
the rejection advanced by the Examiner, the arguments In support 



lr rhe Appeal Brief was filed July 17, 2000 (Paper No. 13) . In 
response to the Examiner's Answer dated September 26, 2000 (Paper No. 
14), a Reply Brief was filed November 30, 2000, (Paper No. 15), which 
was acknowledged and entered by the Examiner as indicated in the 
communication dated December 15, 2000 (Paper No. 16). 
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of the rejection, and the evidence of obviousness relied upon by 
the Examiner as support for the rejection. We have, likewise, 
reviewed and taken into consideration, in reaching our decision, 
Appellants' arguments set forth in the Briefs along with the 
Examiner's rationale in support of the rejection and arguments in 
rebuttal set forth in the Examiner's Answer. 

It is our view, after consideration of the record before us, 
that the evidence relied upon and the level of skil l i n the 
particular art would have suggested to one of ordinary skill in 
the art the obviousness of the invention as set forth in claims 
1-26. Accordingly, we affirm. 

Appellants nominally indicate (Brief, page 3) that the 
claims on appeal stand or fall together as two separate groups. 
For the first group including claims 1-15 and 17-26, we will 
select claim 1 as the representative claim and claims 2-15 and 
17-26 will stand or fall with claim 1. Claim 16, grouped and 
argued separately by Appellants, will be considered 
independently. NoteJEn re King , 801 F.2d 1324, 1325, 231 USPQ 
136, 137 (Fed. Cir. 1986); In re Sernaker , 702 F.2d 989, 991, 217 
USPQ 1, 3 (Fed. Cir. 1983) . Only those arguments actually made 
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by Appellants have been considered in this decision. Arguments 
which Appellants could have made but chose not to make in the 
Briefs have not been considered ( see 37 CFR § 1.192(a)). 

As a general proposition in an appeal involving a rejection 
under 35 U.S.C. § 103, an Examiner is under a burden to make out 
a prima facie case of obviousness. If that burden is met, the 
burden of going forward then shifts to Appellants to overcome the 
prima facie case with argument and/or evidence. Obviousness is 
then determined on the basis of the evidence as a whole and the 
relative persuasiveness of the arguments. See In re Oetiker , 977 
F.2d 1443, 1445, 24 USPQ2d 1443, 1444 (Fed. Cir. 1992); In re 
Hedges , 783 F.2d 1038, 1039, 228 USPQ 685, 686 (Fed. Cir. 1986); 
In re Piasecki , 745 F.2d 1468, 1472, 223 USPQ 785, 788 (Fed. Cir. 
1984); and In re Rinehart , 531 F.2d 1048, 1051-52, 189 USPQ 143, 
147 (CCPA 1976) . 

With respect to representative claim 1, Appellants' 
arguments in response to the obviousness rejection assert that 
the Examiner has failed to establish a prima facie case of 
obviousness since all of the claimed limitations are not taught 
or suggested by the applied prior art references. In particular, 
Appellants contend (Brief, page 5) that, in contrast to the 
language of claim 1 which requires the selection from a plurality 
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of security policies, Shwed merely selects from plural rules in a 

single rule set or security policy. Appellants amplify their 

arguments by asserting (Brief, page 6) that, unlike Shwed, 

* . . . the claimed invention is directed toward rule set 

selection not just individual rule selection" and also that 

* . . . Shwed only refers to ^multiple security rules' . . . not 

multiple sets of rules/' 2 

After careful review of the Shwed reference in light of the 
arguments of record, however, we are in agreement with the 
Examiner's position as stated in the Answer. In our view, the 
Examiner's assertion (Answer, page 3) that the claimed "security 
policies" correspond to Shwed' s security rules is a reasonable 
interpretation of the claim language when considered in light of 
Appellants' specification. We note that it is a basic tenet of 
patent law that claims are to be given their broadest reasonable 
interpretation consistent with the description in the 
specification. 



2 In the obviousness rationale set forth by the Examiner (final 
Office action, page 3), it is asserted that the extraction of packet 
data to determine the applicability of a security rule in Shwed would 
be obviously recognized and appreciated by the skilled artisan as 
corresponding to the claimed * session key/' Appellants' arguments in 
the Briefs do not dispute this assertion and we find no error in the 
Examiner's stated position. 
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With the above discussion in mind, we have reviewed 
Appellants' specification for guidance as to the proper, 
interpretation of the claim language and we find little 
enlightenment as to how to properly interpret the "security 
policies" language of representative claim 1. Appellants' 
argument (Reply Brief, page 2) in support of their position as to 
the proper interpretation of the language of claim 1 refers to 
the portions of their specification at page 5, lines 1 and 2 and 
lines 23 and 24. We do not find this persuasive. The excerpt at 
page 5, lines 1 and 2 merely states that a single firewall can 
support multiple users where each user might have a separate 
security policy. 

Similarly, in our view, the portion at page 5, lines 23 and 
24 which states that "security policies can [our emphasis] be 
represented by sets of access rules," rather than supporting 
Appellants' asserted restrictive interpretation of "security 
•policies," instead suggests a broader and more inclusive 
interpretation. Given the paucity of ..description in Appellants' _ 
specification as to the nature of a "security policy," we can 
only reach the conclusion that the "security policies" language 
of representative claim 1 simply does not require the 
interpretation asserted by Appellants in the Briefs. In our 
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opinion, we find no error in the Examiner' s interpretation of the 
claimed ^security policies" as corresponding to Shwed' s security 
rules in which each rule can be considered a security policy, 
especially in view of the fact that there is no proscription 
against a rule set or security policy having only one rule in the 
set . 

For the above reasons, since it is our opinion that the 
Examiner's prima facie case of obviousness has not been overcome 
by any convincing arguments from Appellants, the Examiner's 
35 U.S.C. § 103(a) rejection of representative independent claim 
1, as well as claims 2-15 and 17-26 which fall with claim 1, is 
sustained. 3 

We also sustain the Examiner's 35 U.S.C. § 103(a) rejection 
of independent claim 16, grouped and argued separately by 
Appellants. Although claim 16 is directed to the feature of 
permitting modification of domain access rules only by an 
administrator for a given domain, Appellants' arguments are an 
extension of those made previously with regard to claim 1. In 

3 While Appellants have grouped (Brief, page 3) claims 1-15 and 
17-26 as a single group which stand or fall together, the Brief at 
pages 8-10 briefly discusses the merits of all of the claims. The 
extent of these arguments, however, relies on Appellants' asserted 
interpretation of "plural security policies" as multiple sets of 
rules, an assertion which we have found to be unpersuasive as 
discussed supra . 
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Appellants' view (Brief, pages 10 and 11; Reply Brief, page 7), 
since Shwed' s system involves selective placement of packet 
filters where each filter has a single set of rules in contrast 
to Appellants' system which has separate rule sets (security 
policies) in a single firewall, Shwed has no disclosure of 
independent administration of respective security policies as 
claimed. Appellants go on to assert that Shwed' s system suggests 
a single administrator for the entire single rule set rather than 
a separate administrator for each domain. 

It is our view, however, that the requirements of appealed 
claim 16 do not distinguish over the system described by Shwed at 
least in the manner broadly claimed by Appellants. Even 
assuming, arguendo , that Appellants' suggestion that Shwed has a 
single administrator for all domains is correct, this single 
administrator would also be an administrator for a given domain 
as claimed. 

In summary, we have sustained the Examiner's 35 U.S.C. 
§ 103(a) rejection of all of the claims on appeal. Therefore, 
the decision of the Examiner rejecting claims 1-26 is affirmed. 
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No time period for taking any subsequent action in 
connection with this appeal may be extended under 37 CFR 
§ 1.136(a) . 



AFFIRMED 




ERROL A. KRASS 
Administrative Patent Judge 
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